Method and apparatus for secure content delivery over broadband access networks
First Claim
1. A method for securely delivering content over a network comprising:
- storing at least one title on a content server operatively coupled to the network, the title stored in unexecutable form;
storing on an access server operatively coupled to the network an identifier of the title as well as data unique to the title to process the title into executable form;
requiring a client process operatively coupled to the network to obtain the identifier of the title from the access server prior to retrieving at least a portion of the title from the content server; and
requiring a client process to obtain from the access server the data unique to the title to process the portion of the title into executable form.
9 Assignments
0 Petitions
Accused Products
Abstract
A system for secure delivery of on-demand content over broadband access networks utilizes a pair of servers and security mechanisms to prevent client processes from accessing and executing content without authorization. A plurality of encrypted titles are stored on a content server coupled to the network. An access server also coupled to the network contains the network addresses of the titles and various keying and authorization data necessary to decrypt and execute a title. A client application executing on a user'"'"'s local computer system is required to retrieve the address, keying and authorization data from the access server before retrieving a title from the content server and enabling execution of the title on a user'"'"'s local computer system.
-
Citations
39 Claims
-
1. A method for securely delivering content over a network comprising:
-
storing at least one title on a content server operatively coupled to the network, the title stored in unexecutable form; storing on an access server operatively coupled to the network an identifier of the title as well as data unique to the title to process the title into executable form; requiring a client process operatively coupled to the network to obtain the identifier of the title from the access server prior to retrieving at least a portion of the title from the content server; and requiring a client process to obtain from the access server the data unique to the title to process the portion of the title into executable form. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus for secure delivery of content over a network comprising:
-
a content server operatively coupled to the network and having at least one title stored therein in unexecutable form; an access server operatively coupled to the network and having stored therein an identifier of the title as well as data unique to the title to process at least a portion of the title into executable form; and a client system operatively coupled to the network and including program logic configured to obtain from the access server the identifier of the title and the data unique to the title to process the portion of the title into executable form. - View Dependent Claims (7, 8, 9, 10)
-
-
11. Apparatus for secure delivery of content over a network comprising:
-
(A) a content server comprising a processor, a memory and a network interface for operatively coupling the content server to the network, the content server further comprising; (A.1) authentication logic, responsive to a token received from a client process, the token containing data identifying a time period, and configured to determine whether the client process is authorized to access the memory at a specific time; and (A.2) access logic, responsive to the token received from the client process, the token containing data uniquely identifying one of the titles stored in the memory, and configured to enable access to the memory and the title uniquely identified by the token; (B) an access server comprising a processor, a memory and a network interface for operatively coupling the access server to the network, the access server further comprising; (B.1) conversion logic, responsive to a unique identifier of a title supplied by a client process and configured to convert the unique identifier of the title into a location identifier indicating an address on the network where the title may be accessed; and (B.2) activator generation logic responsive to a request from a client process and configured to generate an activator in response thereto; and (C) a client system comprising a processor, a memory and a network interface for operatively coupling the client system to the content server and the access server over the network, the client system further comprising; (C.1) program logic configured to obtain from the access server a token, an activator and a location identifier of the content server at which an identified title can be accessed; (C.2) program logic configured to retrieve at least a portion of the identified title from the content server; and (C.3) program logic configured to execute the portion of the identified title retrieved from the content server. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A system for delivery of content to a client system over a network, comprising:
-
a content server operatively coupled to the network and having at least one content title stored therein in unexecutable form; an access server operatively coupled to the network and having stored therein an identifier of the content title and data for processing at least a portion of the content title into executable form, the access server having program logic configured to provide the identifier of the content title and the data for processing the portion of the content title into executable form to the client system; and the client system operatively coupled to the network and including program logic configured to obtain from the access server the identifier of the content title and the data unique to the content title to process the portion of the title into executable form. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A method of processing content into a file package suitable for delivery across a network, the method comprising:
-
extracting registry information about a content title, the registry information corresponding to one or more selected data files of the content title, storing the registry information in a registry entry file, encrypting the registry entry file and at least a portion of the corresponding data files of the content title, and storing the encrypted files in a file package at a location on a network file system. - View Dependent Claims (34, 35, 36, 37, 38, 39)
-
Specification